Google has issued the latest monthly security patch release for the firm's Nexus range of devices, fixing 10 flaws.
Nexus owners should get the update automatically. “We have released a security update to Nexus devices through an over-the-air update as part of our Android Security Bulletin Monthly Release process,” Google said.
Other Android devices will also get the fixes, but only after the relevant handset manufacturers, such as HTC, Samsung and LG, have taken the updated code and adapted it as required and pushed it out to customers.
Google listed five of the 10 fixes as 'critical severity', four as 'high severity' and one as 'moderate'. The company explained that the most notable is a flaw in the mediaserver processor in which a malicious file could be used against a device.
“During media file and data processing of a specially crafted file, vulnerabilities in mediaserver could allow an attacker to cause memory corruption and remote code execution as the mediaserver process,” Google said.
“The affected functionality is provided as a core part of the operating system and there are multiple applications that allow it to be reached with remote content, most notably MMS and browser playback of media.”
Another notable flaw affects devices using a Broadcom WiFi driver that could be attacked via “specially crafted wireless control message packets”. This would allow the attacker to “corrupt kernel memory in a way that leads to remote code execution in the context of the kernel”.
“These vulnerabilities can be triggered when the attacker and the victim are associated with the same network,” Google added.
The firm said that it has had no reports of any of the flaws being exploited in the wild.
Google thanked several researchers for uncovering the vulnerabilities, including those at Trend Micro and Tencent, and its own Android security time and Pixel C Team.
93 per cent of UK homes and businesses can now use 24Mbps+ broadband
1.9 trillion yen offer by WD-led consortium falls short of Toshiba's demands - but may be accepted anyway
Banking Trojan that 'wreaked havoc' in Europe and the US in 2014 may have absorbed NSA exploits to spread via network security flaws, not just phishing
Leaks in the run-up to Samsung Galaxy Note 8 launch pretty much gave it all away